NewsU.S. and the World

Actions

JBS paid $11 million to resolve ransomware attacks, company says

jbs meat plant.jpg
Posted at 6:22 PM, Jun 09, 2021
and last updated 2021-06-09 20:26:19-04

DENVER – JBS USA confirmed Wednesday it paid the equivalent of $11 million to the cybercriminals that conducted a ransomware attack on the company last week.

The company said in a statement posted to its website it “made the decision to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated.” News of JBS’s payment, reportedly made in bitcoin, was first reported Wednesday by The Wall Street Journal.

“This was a very difficult decision to make for our company and for me personally,” Andre Nogueira, the CEO of JBS USA, said in the statement. “However, we felt this decision had to be made to prevent any potential risk for our customers.”

The company said when the payment was made the “vast majority” of the company’s facilities were operational again. The cyberattack affected the company’s North American and Australian information technology systems, the company has said, and halted production and some of its facilities in those areas for days, including at the Greeley meatpacking plant.

The cyberattack started on Sunday, May 30. The company resumed production at all of their facilities by Thursday, June 3.

The FBI last week attributed the attack to REvil and Sodinokibi, and the bureau said it was focused on “holding the responsible cyber actors accountable.”

JBS said Wednesday that the FBI told the company the cyberattack stemmed from “one of the most specialized and sophisticated cybercriminal groups in the world” and that it is still working with the U.S. government on investigating the attack. The company said forensic investigations conducted by third parties into the attack are ongoing.

It’s still unclear how the hackers accessed the JBS system and when the ransom was paid.

The U.S. Department of Justice last week said it had recovered the majority of a ransom payment made by Colonial to the DarkSide Network, a Russia-based group, after a cyberattack on the operator of one of the country’s largest fuel pipelines.

This story originally reported by Blair Miller on TheDenverChannel.com.